Share via

Email notification of SQL Azure vulnerability does not match report on portal. Why?

Skip Sailors 5 Reputation points
2023-08-21T20:40:53.45+00:00

I regularly receive an email from the Azure Portal saying "A Vulnerability Assessment scan has completed on your server" with a summary line saying that the master has one failing check, and it is flagged at high risk. I click on the "View Results" link and the portal reports that there are 0 total vulnerabilities and 0 high-risk vulnerabilities.

One of these reports s lying. How do I know which one? How do I know the truth?

Azure SQL Database
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,840 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GeethaThatipatri-MSFT 29,397 Reputation points Microsoft Employee
    2023-08-22T15:42:01.5533333+00:00

    @Skip Sailors Can you share if you are using classic or express configuration?

    The mail should be correct. note that there are several options for this inconsistency that you are experienced

    1. The mail does not consider the disabled and the exempt rules. you won’t be visible in the UI as finings and will be available under the “Not Applicable” tab.
    2. if you don’t have MDC bundles you can lose the data from ARG when not visiting MDC blades in the past 30 days.

    In this case, you won’t be able to see findings under all the tabs. you will need to go the MDC blades to be active again and it should be resolved in ~24 hours.

    I hope this information helps.

    Regards

    Geetha

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.